Mosquitto
Overview
Section titled “Overview”Mosquitto is an open-source message broker that implements the MQTT protocol. In this homelab, it serves as the central communication hub for IoT devices, specifically integrating Zigbee2MQTT with Home Assistant.
| Port | Protocol | Description |
|---|---|---|
1883 | TCP | Main MQTT listener (Internal only) |
Internal Access
Section titled “Internal Access”The broker is accessible locally at mqtt://localhost:1883 or via the server IP. It is not exposed to the external network for security reasons.
Secrets
Section titled “Secrets”Authentication is mandatory. Secrets are managed via 1Password and injected at runtime.
| Secret Path | Key | Environment Variable |
|---|---|---|
op://Homelab/Mosquito/username | username | MQTT_USER |
op://Homelab/Mosquito/password | password | MQTT_PASS |
Configuration Details
Section titled “Configuration Details”Due to strict NixOS module schemas, the configuration is injected via an inclusion pattern:
- Secrets are fetched by
mosquitto-secrets.service. - A manual
auth.confis generated in/var/lib/mosquitto/config/. - The main service includes this directory via
services.mosquitto.includeDirs.
Backup
Section titled “Backup”- Paths:
/var/lib/mosquitto(Persistence database). - Exclusions:
passwd*,config/(Regenerated at every startup).
Troubleshooting
Section titled “Troubleshooting”Checking Status
Section titled “Checking Status”systemctl status mosquittoViewing Logs
Section titled “Viewing Logs”journalctl -u mosquitto -fTesting Connection
Section titled “Testing Connection”source /run/mosquitto/envnix shell nixpkgs#mosquitto --command mosquitto_pub -h localhost -u "$MQTT_USER" -P "$MQTT_PASS" -t "test/status" -m "check"